[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mirari template

On 2 May 2013, at 08:40, Pierre Chambart <pierre.chambart@xxxxxxxxxxx> wrote:

> Le Sun, 31 Mar 2013 23:47:15 +0100,
> Anil Madhavapeddy <anil@xxxxxxxxxx> a écrit :
>> The one missing thing in Cohttp/Async is SSL support, which we'll
>> need to add via an stunnel wrapper for now. Dave, is the existing
>> Xapi stunnel code in a library, or do we need to extract it?
> Wouldn't it be easier to do it using ocamlssl like lwt_ssl does ? It is
> quite easy. You need to be able to wake up threads when a file
> descriptor is ready for read/write, I haven't verified, but it should
> probably be possible in Async.

I basically don't trust those bindings.  It would be far more robust
to have low-level SSL bindings, and do the higher-level async handling,
entropy generation and certificate callbacks in pure OCaml.  OpenSSL is
also a bit of a beast to compile for an embedded environment like Mirage.

(The long-term aim is to replace the SSL library with a pure OCaml one,
and gradually rewriting the existing bindings as we go along seems like
a good approach).




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.